• Noraini Che Pa Faculty of Computer Science and Information Technology, University Putra Malaysia, 43400 UPM, Serdang, Selangor, Malaysia.
  • Bokolo Anthony Jnr Faculty of Computer Science and Information Technology, University Putra Malaysia, 43400 UPM, Serdang, Selangor, Malaysia.



Risk, operational risk, technical risk, strategic risk, risk mitigation, ICT and knowledge codification.


Recently, organisations have incorporated various methods into their business process in mitigating risk. Although, Information and Communication Technology (ICT) practitioners is not capable mitigate the identified risk systematically due to the high magnitude of loss caused by operational, technical and strategic risk. The ICT practitioners need to improve their ability to identify and mitigate the risks to ICT infrastructures. Besides that ICT practitioners in organization find it difficult to mitigate risks if they don’t utilize completely their knowledge. There is need for ICT practitioner to codify knowledge, especially through the development of policies and practices to guide decision makers in mitigate risk in their organizations. The aim of this paper is to develop a process model for capturing, storing, disseminating and utilizing risk knowledge of knowledge-based supporting ICT practitioners to make decisions. Quantitative research methodology was adopted for reviewing of existing risk mitigation approaches in ICT and carrying out a survey using questionnaire among ICT practitioners. The questionnaire was used to validate the developed process model. Findings from the questionnaire confirms that the developed process model can assist ICT practitioners in mitigating operational, technical and strategic risk based on the codification of past knowledge of risk experts.


